1 Apr 21, 2007 15:18    

My b2evolution Version: Not Entered

I'm running a modified version of b2Evolution v0.9.0 with multiblog support.
Today I was notified that a few of the stub-files have been altered with code looking like this:


if (IsSet($_GET['xanax'])){header("Location: http://www.pharmacy.topsearch20.net/search.php?q=xanax");exit;}

The word "xanax" was used in one stub-file while other words like "credit" and "tramadol" were in the others. Furthermore, some spammers have posted URLs to these blogs on LOTS of other sites with links like "http://myblogg.com?xanax#3" so that when users click these links they are redirected to topsearch20.net. Has anyone else seen anything like this? The stub-files are owned by the domain-user and have been modded 644...

3 Apr 21, 2007 15:28

Yeah, but it will require lots of modifications again. I try to keep up with all security-related upgrades, but I might of course have missed something.

4 Apr 21, 2007 15:34

It's important to point out, additionally, that all versions of b2evolution up to and including version 0.9.0.11 are susceptible to at least one SQL injection exploit.

The first thing you need to do is upgrade.

If the files are currently chmod'd to 644, that's wonderful. Unfortunately, without knowing when the code was added, you can't really speak to what the permissions were at the time they were modified.

I know what you're going to say too:

"yeah, but I'm pretty sure they .."

If you haven't re-modified them, what are the timestamps on these particular files when you look at them in your ftp?

5 Apr 21, 2007 15:36

Stream wrote:

Yeah, but it will require lots of modifications again. I try to keep up with all security-related upgrades, but I might of course have missed something.

If you are hacking the core files, that's sort of the way it goes. I've been through it, it's a pain, but it's a must.

6 Apr 21, 2007 15:42

whoo wrote:

It's important to point out, additionally, that all versions of b2evolution up to and including version 0.9.0.11 are susceptible to at least one SQL injection exploit.

The first thing you need to do is upgrade.

If the files are currently chmod'd to 644, that's wonderful. Unfortunately, without knowing when the code was added, you can't really speak to what the permissions were at the time they were modified.

I know what you're going to say too:

"yeah, but I'm pretty sure they .."

If you haven't re-modified them, what are the timestamps on these particular files when you look at them in your ftp?

I have about 60 blogs in total, only 8 of them were "hacked". All stub-files are chmod'd 644, the ones hacked are timestamped just after 2am last night (GMT).
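The triage discussed in this thread (which stubs carry the redirect, when they were last written, and what their permissions are now) can be scripted. The following is an added example, not code from any poster or from b2evolution; the file names, stub bodies, the redirect.example URL and the 02:05 GMT timestamp are constructed sample data.

```python
import calendar
import os
import re
import stat
import tempfile
import time

# Matches the injected line quoted in the first post: a $_GET-keyed Location redirect.
INJECTED = re.compile(
    r"isset\s*\(\s*\$_GET\s*\[\s*['\"](?P<key>[^'\"]+)['\"]\s*\]\s*\)\s*\)\s*\{?\s*"
    r"header\s*\(\s*['\"]Location:\s*(?P<url>[^'\"]+)['\"]",
    re.IGNORECASE,
)

def scan_stubs(root):
    """Report every *.php file under root that carries the redirect."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.endswith(".php")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                match = INJECTED.search(fh.read())
            if not match:
                continue
            st = os.stat(path)
            findings.append({
                "file": name,
                "key": match.group("key"),
                "url": match.group("url"),
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "world_writable": bool(st.st_mode & stat.S_IWOTH),
                "mtime_utc": time.strftime("%Y-%m-%d %H:%M", time.gmtime(st.st_mtime)),
            })
    return findings

def demo():
    """Constructed tree: one clean stub and one with the injected line."""
    root = tempfile.mkdtemp()
    bad = ('<?php if (IsSet($_GET[\'xanax\'])){header("Location: '
           'http://redirect.example/search.php?q=xanax");exit;} $blog = 3; ?>')
    for name, body in (("clean_stub.php", "<?php $blog = 2; ?>"), ("hacked_stub.php", bad)):
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, 0o644)
        os.utime(path, (0, calendar.timegm((2007, 4, 21, 2, 5, 0))))
    return scan_stubs(root)

if __name__ == "__main__":
    print(demo())
```

The mtime only records the last write and can be reset by whoever made it, so it is a lead to compare against web and FTP server logs for the same window, not proof of when the change happened.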

7 Apr 21, 2007 15:44

whoo wrote:

Stream wrote:

Yeah, but it will require lots of modifications again. I try to keep up with all security-related upgrades, but I might of course have missed something.

If you are hacking the core files, that's sort of the way it goes. I've been through it, it's a pain, but it's a must.

I know - been doing this for years with phpBB, but not on b2evolution...
Might be some of my code causing a security-hole so I'm just asking if someone else has heard of or experienced the same.

8 Jun 11, 2007 07:11

What is the CHMOD value supposed to be for stub files?

jj.
